{"id":9670,"date":"2021-08-05T00:00:39","date_gmt":"2021-08-05T07:00:39","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=9670"},"modified":"2025-06-13T19:27:03","modified_gmt":"2025-06-14T02:27:03","slug":"introducing-rbac-security-for-collections","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/","title":{"rendered":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0"},"content":{"rendered":"<p><strong>Your data in Couchbase just got more secure.<\/strong> <\/p>\n<p>Couchbase Server 7.0 introduced Scopes and Collections to better map between relational and NoSQL data models. But the 7.0 release also includes some additional enhancements to strengthen the security of <a href=\"https:\/\/www.couchbase.com\/products\/capella\/\" rel=\"noopener\" target=\"_blank\">the data platform<\/a>. More specifically, role-based access control (RBAC) security is now supported at the level of individual Scopes and Collections.  <\/p>\n<p>What&#8217;s all this mean for your Couchbase deployments? Let&#8217;s dive in.<\/p>\n<h2>Existing RBAC Security Roles in Couchbase<\/h2>\n<p>Couchbase Server has allowed fine-grained controls of user access to the platform with role-based access control (RBAC) security <a href=\"https:\/\/www.couchbase.com\/blog\/administrative-role-based-access-control-in-4-5\/?ref=blog\" rel=\"noopener\" target=\"_blank\">for administrators since version 4.5<\/a> and for <a href=\"https:\/\/www.couchbase.com\/blog\/secure-nosql-data-couchbase-role-based-access-control\/?ref=blog\" rel=\"noopener\" target=\"_blank\">all users since version 5.0<\/a>. Couchbase Collections were introduced as a developer preview feature in Couchbase Server 6.5 and are <a href=\"https:\/\/www.couchbase.com\/blog\/couchbase-server-7-0-release\/?ref=blog\" rel=\"noopener\" target=\"_blank\">now fully supported in Couchbase Server 7.0<\/a>. <\/p>\n<p>Couchbase <a href=\"https:\/\/docs.couchbase.com\/server\/current\/learn\/security\/roles.html?ref=blog\" rel=\"noopener\" target=\"_blank\">RBAC security roles<\/a> were previously divided into two categories:<\/p>\n<ul>\n<ul>\n<li><strong>Administration and Global:<\/strong> These roles are associated with cluster-wide privileges. Some of these roles are for administrators who might manage cluster-configurations, read statistics or enforce security. Others are for users and user-defined applications that require access to specific, cluster-wide resources.<\/li>\n<li><strong>Per Bucket:<\/strong> These roles are associated with one or more Buckets and support the reading and writing of Bucket settings, access to data, and the management of services, indexes, and replication procedures.<\/li>\n<\/ul>\n<\/ul>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<h2>An RBAC Example Using Scopes and Collections<\/h2>\n<p>For example, you may have given read access to a Bucket named <code>Travel<\/code> to a trusted hotel search engine called Acme Co. with a user named <code>acme<\/code> using a command like this in the command-line interface of a Linux-based cluster. (You may need to adjust the paths if using another platform.)<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091  -u Administrator  -p password \\\r\n --set --rbac-username acme --rbac-password cbpass7beta  --rbac-name \"Acme Co. (Hotel)\" \\\r\n --roles data_reader[Travel] --auth-domain local\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>What this would do is allow your hotel search partner Acme Co. to access all of the data your company is storing in the <code>Travel<\/code> Couchbase Bucket. This might include orders, inventory and other pieces of data for not only hotels but also airlines and other travel products. Following the principle of least privilege, what if we wanted to limit what data Acme Co. has access to, instead of allowing them access to <em>all<\/em> travel data in our company?<\/p>\n<p>Collections allow JSON documents in a Couchbase Bucket to be organized, first into Scopes, where a Scope is similar to a schema in a relational database (RDBMS). Next, the Scope is subdivided into individual Collections, similar to how a table would be structured in a traditional relational database. <\/p>\n<p>The namespace within each Scope is independent of others, hence you can have the same Collection names within different Scopes. Similarly, document keys need to be unique only within a Collection and hence documents with the same key can exist in different Collections. <\/p>\n<p>Before the introduction of Scopes and Collections, it was common to organize Couchbase documents based on key prefixes, such as <code>Orders::Europe::Customer1<\/code>. Collections provide much more flexibility in the document keys than was previously available.<\/p>\n<p>Below is a visual diagram of the relationship between Buckets, Scopes and Collections for an example travel dataset. <\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsDiagram.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-9739\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsDiagram-1024x599.png\" alt=\"Buckets, Scopes and Collections within Couchbase\" width=\"900\" height=\"526\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram-1024x599.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram-300x176.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram-768x449.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram-20x12.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsDiagram.png 1080w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>For seamless upgrades \u2013 and for backwards compatibility \u2013 every Bucket now has a <code>_default<\/code> Scope, and the <code>_default<\/code> Scope has a <code>_default<\/code> Collection. The <code>_default<\/code> Collection provides backward compatibility and a direct reference to the Bucket automatically maps to the <code>_default<\/code> Collection. Also, on upgrade, all existing data is automatically added to the <code>_default<\/code> Collection. <\/p>\n<p>While the <code>_default<\/code> Collection is provided as a backward compatibility mechanism, new applications should be written using named Collections. As you can see, Collections allow for additional options to organize data in a <a href=\"https:\/\/www.couchbase.com\/products\/server\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Couchbase Server<\/a> cluster.<\/p>\n<p>Returning to the example above, what if we wanted to only allow Acme Co. to see the hotel data only, instead of all travel data across the company? With Collections, you can now limit the confines of Acme&#8217;s access to only the Scope of your choosing. <\/p>\n<p>For example, say Acme Co. needed to check the inventory of available hotel rooms, we can narrow their RBAC role down to the <code>Hotel<\/code> Collection inside the <code>Inventory<\/code> Scope within the <code>Travel<\/code> Bucket.<\/p>\n<h2>Role-Based Access Control (RBAC) Security Explained<\/h2>\n<p>How do Scopes and Collections work with role-based access control in the database? <\/p>\n<p>A user who has access to a Bucket inherits access to the children Scopes and Collections of that Bucket. Likewise, a user who has access to a Scope inherits access to the children Collections but not the parent Bucket. <\/p>\n<p>Here&#8217;s a breakdown of how the new role-based security works with Collections:<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Role<\/strong><\/td>\n<td><strong>Description<\/strong><\/td>\n<\/tr>\n<tr>\n<td><code>data_reader[*]<\/code><\/td>\n<td>Can read data in every Bucket, including every Scope and Collection, cluster-wide.<\/td>\n<\/tr>\n<tr>\n<td><code>data_reader[foo]<\/code><\/td>\n<td>Can read data in every Scope and Collection within only the Bucket <code>foo<\/code>.<\/td>\n<\/tr>\n<tr>\n<td><code>data_reader[foo:bar]<\/code><\/td>\n<td>Can read data in every Collection within the Scope <strong>bar<\/strong> of the Bucket <code>foo<\/code>.<\/td>\n<\/tr>\n<tr>\n<td><code>data_reader[foo:bar:baz]<\/code><\/td>\n<td>Can read data only in the Collection <em>baz<\/em> which is located in the Scope <strong>bar<\/strong> of the Bucket <code>foo<\/code>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-example1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-example1-1024x580.png\" alt=\"Role-based access control on Couchbase Scopes and Collections Example\" width=\"900\" height=\"510\" class=\"aligncenter size-large wp-image-9737\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1-1024x580.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1-300x170.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1-768x435.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1-20x11.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example1.png 1084w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-example2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-example2-1024x527.png\" alt=\"An example of RBAC security on Scopes and Collections in Couchbase\" width=\"900\" height=\"463\" class=\"aligncenter size-large wp-image-9738\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2-1024x527.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2-300x154.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2-768x395.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2-20x10.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-example2.png 1080w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>For Acme Co, the CLI command is similar to the earlier example, but instead of setting the RBAC to a Bucket, you need to adjust it to allow only a single Scope and\/or Collection.<\/p>\n<p>In our example from above, we want to allow the <code>acme<\/code> user access to the <code>Hotel<\/code> Collection inside of the <code>Inventory<\/code> Scope, so in this case the role would be <code>data_reader[Travel:Inventory:Hotel]<\/code>.<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091 -u Administrator  -p password \\\r\n --set --rbac-username acme --rbac-password cbpass7beta --rbac-name \"Acme Co. (Hotel)\" \\\r\n --roles data_reader[Travel:Inventory:Hotel] --auth-domain local\r\n<\/pre>\n<p>You&#8217;re probably wondering, what user access roles that can have a Scope and Collection defined? Here&#8217;s the complete list:<\/p>\n<ul><\/ul>\n<li>Application Access<\/li>\n<li>Data Reader<\/li>\n<li>Data Writer<\/li>\n<li>Data DCP Reader<\/li>\n<li>Data Monitoring<\/li>\n<li>Full-Text Search (FTS) Reader<\/li>\n<li>Query Select<\/li>\n<li>Query Update<\/li>\n<li>Query Insert<\/li>\n<li>Query Delete<\/li>\n<li>Query Manage Index<\/li>\n<li>Analytics Select<\/li>\n<li>We&#8217;ve also added a Manage Collections in Scope role to allow a user to add and remove Collections in a specific Scope on a Bucket.<\/li>\n<\/ul>\n<\/ul>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<h2>A Hands-on RBAC Security Example with Couchbase Server 7.0<\/h2>\n<p>Now it&#8217;s time for some more hands-on examples you can <a href=\"https:\/\/www.couchbase.com\/downloads\/?ref=blog\" rel=\"noopener\" target=\"_blank\">try out for yourself on Couchbase Server 7.0<\/a>. As before, I&#8217;m using a Linux-based cluster, so you may need to adjust the paths if using another platform. You&#8217;ll need to be running the Couchbase Data, Query and Index Services for this example.<\/p>\n<p>First, load the <code>travel-sample<\/code> Bucket into your cluster. <\/p>\n<pre>\r\ncurl -X POST -u Administrator:password https:\/\/localhost:8091\/sampleBuckets\/install -d '[\"travel-sample\"]'\r\n[]\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Then, create some additional Collections in the Bucket. We&#8217;ll use the <code>_default<\/code> Scope. You&#8217;ll need to use a Bucket administrator user (or higher privileges) to create the new Collections. <\/p>\n<pre>\r\n$ \/opt\/couchbase\/bin\/couchbase-cli collection-manage --create-collection _default.hotel -c localhost \\\r\n -u Administrator -p password --bucket travel-sample\r\n<\/pre>\n<pre>\r\nSUCCESS: Collection created\r\n<\/pre>\n<pre>\r\n$ \/opt\/couchbase\/bin\/couchbase-cli collection-manage --create-collection _default.airport -c localhost \\\r\n-u Administrator -p password --bucket travel-sample\r\n<\/pre>\n<pre>\r\nSUCCESS: Collection created\r\n<\/pre>\n<pre>\r\n$ \/opt\/couchbase\/bin\/couchbase-cli collection-manage --create-collection _default.airline -c localhost \\\r\n-u Administrator -p password --bucket travel-sample\r\n<\/pre>\n<pre>\r\nSUCCESS: Collection created\r\n<\/pre>\n<pre>\r\n$ \/opt\/couchbase\/bin\/couchbase-cli collection-manage --create-collection _default.landmark -c localhost \\\r\n -u Administrator -p password --bucket travel-sample\r\n<\/pre>\n<pre>\r\nSUCCESS: Collection created\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>You can also see these Collections in the Couchbase Server Web UI, as pictured below.<\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<div id=\"attachment_9676\" style=\"width: 910px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-02.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9676\" class=\"wp-image-9676 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-02-1024x564.png\" alt=\"Screenshot of Couchbase Server 7.0 Buckets\" width=\"900\" height=\"496\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02-1024x564.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02-300x165.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02-768x423.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02-20x11.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-02.png 1246w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><p id=\"caption-attachment-9676\" class=\"wp-caption-text\">The Bucket view in Couchbase Server 7.0<\/p><\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<div id=\"attachment_9677\" style=\"width: 910px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-03.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9677\" class=\"wp-image-9677 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-03-1024x561.png\" alt=\"Couchbase Server 7.0 Scopes and Collections Screenshot\" width=\"900\" height=\"493\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03-1024x561.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03-300x164.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03-768x421.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03-20x11.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-03.png 1244w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><p id=\"caption-attachment-9677\" class=\"wp-caption-text\">The Scopes and Collections view in Couchbase Server 7.0<\/p><\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Next, we&#8217;ll load data into each of the Collections based on a field which already exists in the documents, called <code>type<\/code>. The document <code>type<\/code> field matches to the new Collections we&#8217;ve just created. The data is copied into the Collection using <a href=\"https:\/\/www.couchbase.com\/products\/n1ql\/?ref=blog\" rel=\"noopener\" target=\"_blank\">the N1QL query language<\/a> from the command line. <strong>Note:<\/strong> We need to be careful to escape characters the shell would try to execute such as backticks.<\/p>\n<p>If you run into any issues with the formatting or getting the command to run, here&#8217;s an example image of what the command should look like. <\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-9814\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate.png\" alt=\"Screenshot of N1QL query for Hotel Collection Populate\" width=\"1500\" height=\"74\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate.png 1500w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-300x15.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-1024x51.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-768x38.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-20x1.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Screenshot-N1QL-HotelCollectionPopulate-1320x65.png 1320w\" sizes=\"auto, (max-width: 1500px) 100vw, 1500px\" \/><\/a><\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"INSERT INTO \\\\`travel-sample\\\\`._default.hotel (KEY _key, VALUE _value)\\\r\n SELECT meta().id _key, _value FROM \\\\`travel-sample\\\\` _value WHERE type='hotel'\"\r\n<\/pre>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"INSERT INTO \\\\`travel-sample\\\\`._default.airport (KEY _key, VALUE _value)\\\r\n SELECT meta().id _key, _value FROM \\\\`travel-sample\\\\` _value WHERE type='airport'\"\r\n<\/pre>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"INSERT INTO \\\\`travel-sample\\\\`._default.airline (KEY _key, VALUE _value)\\\r\n SELECT meta().id _key, _value FROM \\\\`travel-sample\\\\` _value WHERE type='airline'\"\r\n<\/pre>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"INSERT INTO \\\\`travel-sample\\\\`._default.landmark (KEY _key, VALUE _value)\\\r\n SELECT meta().id _key, _value FROM \\\\`travel-sample\\\\` _value WHERE type='landmark'\"\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Let&#8217;s create a primary index on the <code>hotel<\/code> Collection as an administrator:<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=Administrator -p=password --script=\\\r\n\"CREATE PRIMARY INDEX \\`hotel-primary\\` ON \\\\`travel-sample\\\\`._default.hotel\"\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Now, let&#8217;s get a list of all users and roles:<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091 -u Administrator -p password --list\r\n<\/pre>\n<pre>\r\n[]\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>As you can see above, we currently only have the built-in Administrator and no additional users. So the output from the command is empty, as expected. <\/p>\n<p>Next, let&#8217;s create a user, John Doe. We&#8217;ll give John both a data reader role and a query select role on the <code>hotel<\/code> Collection, which is located in the <code>_default<\/code> Scope.<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091 -u Administrator  -p password \\\r\n--set --rbac-username jdoe --rbac-password cbpass7beta  --rbac-name \"John Doe\" \\\r\n--roles data_reader[travel-sample:_default:hotel],query_select[travel-sample:_default:hotel]  \\\r\n--auth-domain local\r\n<\/pre>\n<pre>\r\nSUCCESS: User jdoe set\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Again, you can do this from the Web UI as well.<\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<div id=\"attachment_9678\" style=\"width: 910px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-04.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9678\" class=\"wp-image-9678 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2020\/11\/CollectionsRBAC-04-1024x362.png\" alt=\"Couchbase Server 7.0 screenshot of user roles\" width=\"900\" height=\"318\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04-1024x362.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04-300x106.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04-768x271.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04-20x7.png 20w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/CollectionsRBAC-04.png 1246w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><p id=\"caption-attachment-9678\" class=\"wp-caption-text\">RBAC User Roles in Couchbase Server 7.0<\/p><\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>Then, we verify that John Doe has the permissions specific to the <code>hotel<\/code> Collection. When John attempts to read from the entire travel-sample Bucket, he gets a permission denied error.<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/couchbase-cli user-manage -c localhost:8091 -u Administrator -p password --list\r\n<\/pre>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=jdoe -p=cbpass7beta --script=\\\r\n\"SELECT type, name, hotel.country FROM \\\\`travel-sample\\\\` LIMIT 5;\"\r\n<\/pre>\n<pre>\r\nSELECT type, name, hotel.country FROM `travel-sample` LIMIT 5;\r\n\r\n{\r\n....\r\n    \"results\": [\r\n\r\n    ],\r\n\r\n    \"errors\": [\r\n\r\n        {\r\n\r\n            \"code\": 13014,\r\n\r\n            \"msg\": \"User does not have credentials to run SELECT queries on default:travel-sample. Add role query_select on default:travel-sample to allow the query to run.\"\r\n\r\n        }\r\n\r\n    ],\r\n\r\n    \"status\": \"fatal\",\r\n    \u2026\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>This time, as John, let&#8217;s select five hotels from just the <code>hotel<\/code> Collection of the <code>travel-sample<\/code> Bucket, which John <em>does<\/em> have access to.<\/p>\n<pre>\r\n\/opt\/couchbase\/bin\/cbq -u=jdoe -p=cbpass7beta --script=\\\r\n\"SELECT type, name, hotel.country FROM \\\\`travel-sample\\\\`._default.hotel LIMIT 5;\"\r\n<\/pre>\n<pre> \r\n SELECT type, name, hotel.country FROM `travel-sample`._default.hotel LIMIT 5;\r\n{\r\n    \"requestID\": \"3cdc2fa8-b0cf-411a-a325-a1534280087a\",\r\n    \"signature\": {\r\n        \"country\": \"json\",\r\n        \"name\": \"json\",\r\n        \"type\": \"json\"\r\n    },\r\n    \"results\": [\r\n    {\r\n        \"country\": \"United Kingdom\",\r\n        \"name\": \"Medway Youth Hostel\",\r\n        \"type\": \"hotel\"\r\n    },\r\n    {\r\n        \"country\": \"United Kingdom\",\r\n        \"name\": \"The Balmoral Guesthouse\",\r\n        \"type\": \"hotel\"\r\n    },\r\n    {\r\n        \"country\": \"France\",\r\n        \"name\": \"The Robins\",\r\n        \"type\": \"hotel\"\r\n    },\r\n    {\r\n        \"country\": \"France\",\r\n        \"name\": \"Le Clos Fleuri\",\r\n        \"type\": \"hotel\"\r\n    },\r\n    {\r\n        \"country\": \"United Kingdom\",\r\n        \"name\": \"Glasgow Grand Central\",\r\n        \"type\": \"hotel\"\r\n    }\r\n    ],\r\n    \"status\": \"success\",\r\n...\r\n}\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>As shown in the examples above, you can qualify a Data Reader and Query Select role with a Scope and Collection confinement. <\/p>\n<p>Have fun and secure your Collections with our new role-based access control functionality!<\/p>\n<h2>More Resources on the Couchbase 7.0 Release<\/h3>\n<ul>\n<ul>\n<li><a href=\"https:\/\/docs.couchbase.com\/server\/7.0\/introduction\/whats-new.html?ref=blog\" rel=\"noopener\" target=\"_blank\">What&#8217;s New in Couchbase Server 7.0<\/a><\/li>\n<li><a href=\"https:\/\/docs.couchbase.com\/server\/7.0\/release-notes\/relnotes.html?ref=blog\" rel=\"noopener\" target=\"_blank\">Couchbase 7.0 Release Notes<\/a><\/li>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/scopes-and-collections-for-modern-multi-tenant-applications-couchbase-7-0\/?ref=blog\" rel=\"noopener\" target=\"_blank\">How Scopes &amp; Collections Simplify Multi-Tenant App Deployments on Couchbase<\/a><\/li>\n<li>Enterprise Edition customer support is available via your regular support channels. <a href=\"https:\/\/www.couchbase.com\/forums\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Community support is available through the Couchbase Forums<\/a><\/li>\n<\/ul>\n<\/ul>\n<div class=\"wp-block-spacer\" style=\"height: 30px\" aria-hidden=\"true\"> <\/div>\n<div style=\"text-align:center\"><strong>Want to try out RBAC security in Couchbase for yourself?<br \/>\n<a href=\"https:\/\/www.couchbase.com\/downloads\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Give Couchbase a Spin Today<\/a><\/strong><\/div>\n<div class=\"wp-block-spacer\" style=\"height: 15px\" aria-hidden=\"true\"> <\/div>\n<p>&nbsp;<br \/>\n&nbsp;<br \/>\n&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Your data in Couchbase just got more secure. Couchbase Server 7.0 introduced Scopes and Collections to better map between relational and NoSQL data models. But the 7.0 release also includes some additional enhancements to strengthen the security of the data [&hellip;]<\/p>\n","protected":false},"author":1864,"featured_media":11668,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1816,9336,1813,1812],"tags":[1261,1725,1903,1385,9301,1962],"ppma_author":[8928],"class_list":["post-9670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-couchbase-server","category-scopes-and-collections","category-security","category-n1ql-query","tag-json","tag-nosql-database","tag-rbac","tag-rdbms","tag-relational-database","tag-role-based-access-control"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.8 (Yoast SEO v25.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0<\/title>\n<meta name=\"description\" content=\"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0\" \/>\n<meta property=\"og:description\" content=\"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-05T07:00:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T02:27:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Introducing-RBAC-Security-for-Collections.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ian McCloy, Director Product Management\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections-social.jpeg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ian McCloy, Director Product Management\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\"},\"author\":{\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\"},\"headline\":\"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0\",\"datePublished\":\"2021-08-05T07:00:39+00:00\",\"dateModified\":\"2025-06-14T02:27:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\"},\"wordCount\":1433,\"commentCount\":3,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg\",\"keywords\":[\"JSON\",\"NoSQL Database\",\"RBAC\",\"RDBMS\",\"relational database\",\"Role Based Access Control (RBAC)\"],\"articleSection\":[\"Couchbase Server\",\"Scopes and Collections\",\"Security\",\"SQL++ \/ N1QL Query\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\",\"name\":\"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg\",\"datePublished\":\"2021-08-05T07:00:39+00:00\",\"dateModified\":\"2025-06-14T02:27:03+00:00\",\"description\":\"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg\",\"width\":1200,\"height\":628,\"caption\":\"Learn how role-based access control has expanded for Scopes and Collections in Couchbase Server 7.0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\",\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"caption\":\"Ian McCloy, Director Product Management, Couchbase\"},\"description\":\"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ianmccloy\/\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/ian-mccloycouchbase-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0","description":"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/","og_locale":"en_US","og_type":"article","og_title":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0","og_description":"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.","og_url":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/","og_site_name":"The Couchbase Blog","article_published_time":"2021-08-05T07:00:39+00:00","article_modified_time":"2025-06-14T02:27:03+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/Introducing-RBAC-Security-for-Collections.png","type":"image\/png"}],"author":"Ian McCloy, Director Product Management","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections-social.jpeg","twitter_misc":{"Written by":"Ian McCloy, Director Product Management","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/"},"author":{"name":"Ian McCloy, Director Product Management, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19"},"headline":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0","datePublished":"2021-08-05T07:00:39+00:00","dateModified":"2025-06-14T02:27:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/"},"wordCount":1433,"commentCount":3,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg","keywords":["JSON","NoSQL Database","RBAC","RDBMS","relational database","Role Based Access Control (RBAC)"],"articleSection":["Couchbase Server","Scopes and Collections","Security","SQL++ \/ N1QL Query"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/","url":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/","name":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg","datePublished":"2021-08-05T07:00:39+00:00","dateModified":"2025-06-14T02:27:03+00:00","description":"Learn how role-based access control, or RBAC Security in the database, has been expanded for Scopes and Collections in the Couchbase Server 7.0 release.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/role-based-access-control-rbac-couchbase-scopes-collections.jpeg","width":1200,"height":628,"caption":"Learn how role-based access control has expanded for Scopes and Collections in Couchbase Server 7.0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/introducing-rbac-security-for-collections\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Introducing Role-Based Access Control (RBAC) Security for Collections in Couchbase 7.0"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19","name":"Ian McCloy, Director Product Management, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f","url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","caption":"Ian McCloy, Director Product Management, Couchbase"},"description":"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/","sameAs":["https:\/\/www.linkedin.com\/in\/ianmccloy\/"],"url":"https:\/\/www.couchbase.com\/blog\/author\/ian-mccloycouchbase-com\/"}]}},"authors":[{"term_id":8928,"user_id":1864,"is_guest":0,"slug":"ian-mccloycouchbase-com","display_name":"Ian McCloy, Director Product Management","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","author_category":"","last_name":"McCloy, Director Product Management","first_name":"Ian","job_title":"","user_url":"","description":"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom.  His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella.  This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator.  Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/"}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/9670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/1864"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=9670"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/9670\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/11668"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=9670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=9670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=9670"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=9670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}